Legal
How we protect your data and keep Stocksmith secure.
All website access uses HTTPS encryption with 2048-bit key technology, and the site maintains an A+ rating on the Qualys SSL Labs test. We regularly review our SSL configurations and update them whenever vulnerabilities emerge.
External data retrieval from platforms like Etsy, Shopify, Square, and PayPal uses a unique access token over a secure connection via official APIs. We never store usernames or passwords for these external accounts.
Passwords are stored using one-way encryption within the database and cannot be read by staff in plaintext form. You are responsible for protecting your credentials carefully.
All stored data uses at-rest encryption. We maintain redundant failover databases should anything happen to a primary server, and backups are taken at hourly intervals and saved offsite. Backups are accessible for a maximum of 30 days, as per our privacy policy.
Staff access business data only when necessary for support purposes. We require explicit consent before accessing your data, except during critical security incidents or suspected abuse investigations.
Support personnel access the minimum data needed to resolve your issue and nothing more, while respecting your privacy. We maintain a small staff, limiting the number of individuals who require data access.
Payment information never passes through or is stored on Stocksmith systems. We partner with Stripe and PayPal, both certified to PCI Service Provider Level 1 — the most stringent level of certification available.
Our USA-based servers are operated within facilities holding SAS70 Type II and SSAE16 certified status. Physical security includes round-the-clock surveillance monitoring and biometric locks.
If you have any questions or concerns about our security practices, please contact us at help@stocksmith.io.